Lucene search
K

348 matches found

OSV
OSV
โ€ขadded 2026/06/25 11:52 a.m.โ€ข3 views

SUSE-SU-2026:22365-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References5
Cvelist
Cvelist
โ€ขadded 2026/06/25 3:42 a.m.โ€ข37 views

CVE-2026-10833 Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute

The Gutenberg Essential Blocks โ€“ Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References4
CVE
CVE
โ€ขadded 2026/06/19 4:59 p.m.โ€ข17 views

CVE-2026-49260

CVE-2026-49260 affects PhpWeasyPrint prior to 2.5.1. The vulnerability arises from building the WeasyPrint command by passing the binary path through escapeshellarg() and then validating the quoted result with is_executable(); on POSIX systems this makes the bin path string contain quotes, causin...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/19 12:0 a.m.โ€ข16 views

PT-2026-50965

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.5.1 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software contains a shell command injection flaw occurring when the binary path for WeasyPrint is processed...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References13
Fedora
Fedora
โ€ขadded 2026/06/05 4:26 a.m.โ€ข19 views

[SECURITY] Fedora 44 Update: perl-Crypt-Argon2-0.031-1.fc44

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
GithubExploit
GithubExploit
โ€ขadded 2026/06/02 6:9 a.m.โ€ข91 views

JDWPEx

JDWP Remote Code Execution Exploit A Python 3 implement...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
โ€ขadded 2026/05/29 12:0 a.m.โ€ข23 views

PT-2026-47556

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...

4.3CVSS5.5AI score
Exploits0References4
OSV
OSV
โ€ขadded 2026/05/27 9:33 p.m.โ€ข9 views

GHSA-4QPC-3HR4-R2P4 Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Description Symfony\Component\Yaml\Parser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small inpu...

6.9CVSS5.8AI score0.00076EPSS
Exploits0References6
OSV
OSV
โ€ขadded 2026/05/27 9:33 p.m.โ€ข57 views

GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References6
Positive Technologies
Positive Technologies
โ€ขadded 2026/05/27 12:0 a.m.โ€ข12 views

PT-2026-44149

Description SymfonyComponentYamlParser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small input c...

6.9CVSS5.8AI score0.00076EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2026/05/23 8:16 p.m.โ€ข13 views

Malicious code in @digicroz/typed-api-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32c8c3e9ffd3f994b21011084101df521e232c2ee5dbe93fd51f36977549f2dc The exported paymentGateways.pay0Pg.createOrder API does not call pay0.shop directly. Instead, dist/index.js hardcodes a base URL of...

5.9AI score
Exploits0References2
OSV
OSV
โ€ขadded 2026/05/18 1:48 p.m.โ€ข6 views

CLEANSTART-2026-OZ77074 Security fixes for ghsa-r4q5-vmmm-2653 applied in versions: 5.1.0-r1

Security vulnerability affects the configurable-http-proxy package. This issue is resolved in later releases. See references for vulnerability details...

5.8AI score
Exploits0References2
Packet Storm
Packet Storm
โ€ขadded 2026/04/22 12:0 a.m.โ€ข90 views

๐Ÿ“„ Dovecot IMAP NOOP Command Memory Exhaustion Denial of Service

This Metasploit auxiliary module targets a memory exhaustion vulnerability in the Dovecot IMAP service. It opens multiple concurrent TCP connections and sends specially crafted NOOP commands containing deeply nested parentheses to force excessive memory allocation on the server. By sustaining the...

7.5CVSS5.8AI score0.00667EPSS
Exploits1
OSV
OSV
โ€ขadded 2026/04/15 7:19 p.m.โ€ข5 views

GHSA-XMJ9-7625-F634 Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Affected Components - DSF FHIR Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication. Summa...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References5
GithubExploit
GithubExploit
โ€ขadded 2026/03/15 11:56 a.m.โ€ข262 views

Exploit for Code Injection in Unicode

codescan Fast, configurable code security scanner written in...

8.3CVSS5.9AI score0.12205EPSS
Exploits4
OSV
OSV
โ€ขadded 2025/12/30 11:6 p.m.โ€ข7 views

GHSA-H956-RH7X-PPGJ RustFS has a gRPC Hardcoded Token Authentication Bypass

Vulnerability Overview Description RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is: 1. Publicly exposed in the source code repository 2. Hardcoded on both client and server sides 3. Non-configurable with no mechanism for token rotation 4. Universally vali...

9.8CVSS7.5AI score0.2903EPSS
Exploits3References4
OSV
OSV
โ€ขadded 2025/12/18 9:15 p.m.โ€ข5 views

CVE-2025-62002

BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...

8.1CVSS5.8AI score0.00259EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2025/12/18 9:15 p.m.โ€ข3 views

CVE-2025-62001

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

8.7CVSS5.8AI score0.00326EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
โ€ขadded 2025/12/18 8:32 p.m.โ€ข4 views

CVE-2025-62001

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

8.8CVSS5.5AI score0.00326EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
โ€ขadded 2025/12/12 9:31 p.m.โ€ข11 views

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...

7.5CVSS7.9AI score0.00389EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder